CVE-2016-9646

Summary

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.

Affected Software

VendorProductVersion RangeStatus
ikiwikiikiwikibefore 3.20161229affected

Weaknesses

  • commit metadata forgery

ADP Enrichment

CVE Program Container

Additional References

References